Computer Networking: Computer Networks Security
3. Computer Networks Security
Network security needs to be defined preferably using a Security Policy document. The security policy document is a comprehensive document covering areas of
security preparation, prevention, and response.
Security policy preparations: Security policy preparation include creation of usage policy statements, risk analysis, and security team formation.
The risk analysis should identify the risks to your network resources including physical devices, and data. The classification of risks is done ( e.g. low
risk components, high risk components etc.) and appropriate security measures taken. Next step in security policy preparation is establishing the
access levels such as super admin, admin, backup operator, user etc. Assigning appropriate resource access levels restrict access to critical resources
only to authorized personnel. Firewalls, proxy servers, gateways, and email servers need to be given highest levels of security.
Security policy implementation: The security policy team is responsible for implementation of security provisions. The security provisions typically include the following:
- Firewalls, proxy servers, or gateway configuration
- Access Control Lists (ACLs) formation and implementation
- SNMP configuration and monitoring
- Security hot fixes to software of various devices, operating systems, and applications.
- Backup and restore procedures
Security Response: Should any security breach occurs, a response should be implemented by the security team. A security response consists of
identifying the security violation, implementation of remedial action, review, and documentation. Typical steps include the following:
- Isolate the violation and prevent further spread
- Take evidence of the violation before initiating a corrective action. Otherwise, the evidence may be lost, and you would not be able to identify the origin of the violation.
- Contact local police or government agencies and report if necessary
- Test the system for remedial action, and document.
Restoration: Once the security violation is investigated and documented, restore the system according to the accepted restoration procedure.